diff --git a/.github/workflows/plugin_install.yml b/.github/workflows/plugin_install.yml index 0c49ab7342..4bb082557c 100644 --- a/.github/workflows/plugin_install.yml +++ b/.github/workflows/plugin_install.yml @@ -3,7 +3,7 @@ name: Plugin Install on: [push, pull_request, workflow_dispatch] env: - OPENSEARCH_VERSION: 3.1.0 + OPENSEARCH_VERSION: 3.2.0 PLUGIN_NAME: opensearch-security jobs: diff --git a/CHANGELOG.md b/CHANGELOG.md index 84151d4f1a..873d44fdc3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,7 +10,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), ### Changed - Moved OpenSAML jars to a Shadow Jar configuration to facilitate its use in FIPS enabled environments ([#5400](https://github.com/opensearch-project/security/pull/5404)) - +- Fix compilation issue after change to Subject interface in core and bump to 3.2.0 ([#5423](https://github.com/opensearch-project/security/pull/5423)) ### Dependencies - Bump `org.eclipse.platform:org.eclipse.core.runtime` from 3.33.0 to 3.33.100 ([#5400](https://github.com/opensearch-project/security/pull/5400)) diff --git a/build.gradle b/build.gradle index 0b44dc6ab9..f824e64f1f 100644 --- a/build.gradle +++ b/build.gradle @@ -16,7 +16,7 @@ import groovy.json.JsonBuilder buildscript { ext { - opensearch_version = System.getProperty("opensearch.version", "3.1.0-SNAPSHOT") + opensearch_version = System.getProperty("opensearch.version", "3.2.0-SNAPSHOT") isSnapshot = "true" == System.getProperty("build.snapshot", "true") buildVersionQualifier = System.getProperty("build.version_qualifier", "") diff --git a/bwc-test/build.gradle b/bwc-test/build.gradle index 6bdd8e7376..2733be3c32 100644 --- a/bwc-test/build.gradle +++ b/bwc-test/build.gradle 
@@ -44,7 +44,7 @@ ext { buildscript { ext { - opensearch_version = System.getProperty("opensearch.version", "3.1.0-SNAPSHOT") + opensearch_version = System.getProperty("opensearch.version", "3.2.0-SNAPSHOT") opensearch_group = "org.opensearch" common_utils_version = System.getProperty("common_utils.version", '3.1.0.0-SNAPSHOT') jackson_version = System.getProperty("jackson_version", "2.15.2") diff --git a/sample-resource-plugin/build.gradle b/sample-resource-plugin/build.gradle index 19fed064dd..ff879ae692 100644 --- a/sample-resource-plugin/build.gradle +++ b/sample-resource-plugin/build.gradle @@ -37,7 +37,7 @@ ext { projectSubstitutions = [:] licenseFile = rootProject.file('LICENSE.txt') noticeFile = rootProject.file('NOTICE.txt') - opensearch_version = System.getProperty("opensearch.version", "3.1.0-SNAPSHOT") + opensearch_version = System.getProperty("opensearch.version", "3.2.0-SNAPSHOT") isSnapshot = "true" == System.getProperty("build.snapshot", "true") buildVersionQualifier = System.getProperty("build.version_qualifier", "") diff --git a/sample-resource-plugin/src/main/java/org/opensearch/sample/SampleResourcePlugin.java b/sample-resource-plugin/src/main/java/org/opensearch/sample/SampleResourcePlugin.java index b3d5f73eac..114d18b2c6 100644 --- a/sample-resource-plugin/src/main/java/org/opensearch/sample/SampleResourcePlugin.java +++ b/sample-resource-plugin/src/main/java/org/opensearch/sample/SampleResourcePlugin.java @@ -59,7 +59,7 @@ import org.opensearch.sample.secure.actions.rest.create.SecurePluginAction; import org.opensearch.sample.secure.actions.rest.create.SecurePluginRestAction; import org.opensearch.sample.secure.actions.transport.SecurePluginTransportAction; -import org.opensearch.sample.utils.RunAsSubjectClient; +import org.opensearch.sample.utils.PluginClient; import org.opensearch.script.ScriptService; import org.opensearch.threadpool.ThreadPool; import org.opensearch.transport.client.Client; 
@@ -78,7 +78,7 @@ public class SampleResourcePlugin extends Plugin implements ActionPlugin, System private static final Logger log = LogManager.getLogger(SampleResourcePlugin.class); private boolean isResourceSharingEnabled = false; - private RunAsSubjectClient pluginClient; + private PluginClient pluginClient; public SampleResourcePlugin(final Settings settings) { isResourceSharingEnabled = settings.getAsBoolean(OPENSEARCH_RESOURCE_SHARING_ENABLED, OPENSEARCH_RESOURCE_SHARING_ENABLED_DEFAULT); @@ -98,7 +98,7 @@ public Collection createComponents( IndexNameExpressionResolver indexNameExpressionResolver, Supplier repositoriesServiceSupplier ) { - this.pluginClient = new RunAsSubjectClient(client); + this.pluginClient = new PluginClient(client); return List.of(pluginClient); } diff --git a/sample-resource-plugin/src/main/java/org/opensearch/sample/secure/actions/transport/SecurePluginTransportAction.java b/sample-resource-plugin/src/main/java/org/opensearch/sample/secure/actions/transport/SecurePluginTransportAction.java index 02f896d5a7..de6a4fdc6c 100644 --- a/sample-resource-plugin/src/main/java/org/opensearch/sample/secure/actions/transport/SecurePluginTransportAction.java +++ b/sample-resource-plugin/src/main/java/org/opensearch/sample/secure/actions/transport/SecurePluginTransportAction.java @@ -24,7 +24,7 @@ import org.opensearch.sample.secure.actions.rest.create.SecurePluginAction; import org.opensearch.sample.secure.actions.rest.create.SecurePluginRequest; import org.opensearch.sample.secure.actions.rest.create.SecurePluginResponse; -import org.opensearch.sample.utils.RunAsSubjectClient; +import org.opensearch.sample.utils.PluginClient; import org.opensearch.tasks.Task; import org.opensearch.transport.TransportService; import org.opensearch.transport.client.Client; 
@@ -35,12 +35,10 @@ public class SecurePluginTransportAction extends HandledTransportAction { private static final Logger log = LogManager.getLogger(SecurePluginTransportAction.class); - // TODO Get RunAsClient - private final Client pluginClient; @Inject - public SecurePluginTransportAction(TransportService transportService, ActionFilters actionFilters, RunAsSubjectClient pluginClient) { + public SecurePluginTransportAction(TransportService transportService, ActionFilters actionFilters, PluginClient pluginClient) { super(SecurePluginAction.NAME, transportService, actionFilters, SecurePluginRequest::new); this.pluginClient = pluginClient; } diff --git a/sample-resource-plugin/src/main/java/org/opensearch/sample/utils/RunAsSubjectClient.java b/sample-resource-plugin/src/main/java/org/opensearch/sample/utils/PluginClient.java similarity index 77% rename from sample-resource-plugin/src/main/java/org/opensearch/sample/utils/RunAsSubjectClient.java rename to sample-resource-plugin/src/main/java/org/opensearch/sample/utils/PluginClient.java index 2239f7c0a0..c292a95774 100644 --- a/sample-resource-plugin/src/main/java/org/opensearch/sample/utils/RunAsSubjectClient.java +++ b/sample-resource-plugin/src/main/java/org/opensearch/sample/utils/PluginClient.java 
@@ -21,20 +21,19 @@ import org.opensearch.transport.client.FilterClient; /** - * Implementation of client that will run transport actions in a stashed context and inject the name of the provided - * subject into the context. + * A special client for executing transport actions as this plugin's system subject. */ -public class RunAsSubjectClient extends FilterClient { +public class PluginClient extends FilterClient { - private static final Logger logger = LogManager.getLogger(RunAsSubjectClient.class); + private static final Logger logger = LogManager.getLogger(PluginClient.class); private Subject subject; - public RunAsSubjectClient(Client delegate) { + public PluginClient(Client delegate) { super(delegate); } - public RunAsSubjectClient(Client delegate, Subject subject) { + public PluginClient(Client delegate, Subject subject) { super(delegate); this.subject = subject; } @@ -50,13 +49,12 @@ protected void ActionListener listener ) { if (subject == null) { - throw new IllegalStateException("RunAsSubjectClient is not initialized."); + throw new IllegalStateException("PluginClient is not initialized."); } try (ThreadContext.StoredContext ctx = threadPool().getThreadContext().newStoredContext(false)) { subject.runAs(() -> { logger.info("Running transport action with subject: {}", subject.getPrincipal().getName()); super.doExecute(action, request, ActionListener.runBefore(listener, ctx::restore)); - return null; }); } catch (RuntimeException e) { throw e; diff --git a/spi/build.gradle b/spi/build.gradle index d8bb880d5f..cb47655c82 100644 --- a/spi/build.gradle +++ b/spi/build.gradle @@ -10,7 +10,7 @@ plugins { } ext { - opensearch_version = System.getProperty("opensearch.version", "3.1.0-SNAPSHOT") + opensearch_version = System.getProperty("opensearch.version", "3.2.0-SNAPSHOT") } repositories { 
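Review bot: The rewritten class Javadoc in the first PluginClient hunk no longer says how an action is run, and it does not say whose privileges apply. doExecute, visible in the next hunk, wraps the call in `subject.runAs(...)`, and SecurePluginSubject.runAs later in this diff stashes the thread context and sets the plugin user, so requests sent through this client appear to be evaluated as the plugin rather than as the user whose request reached the handler. I would state that in the Javadoc, for example `Requests run in a stashed thread context as the plugin's own subject; callers must authorize the end user before delegating work to this client.` The same comment applies to the copy under src/integrationTest, and the class body continues outside the hunk.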
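Review bot: The `catch (RuntimeException e) { throw e;` ladder after `subject.runAs(...)` in doExecute looks like a leftover from the old `Callable` signature. With `runAs(CheckedRunnable r) throws E` and a lambda that throws no checked exception, the call should no longer declare one, so the try block probably only needs to manage `ctx`. The rest of the catch chain is outside the hunk, so confirm that before removing it. Separately, `logger.info(...)` inside the lambda writes one line per transport action; `logger.debug` is the usual level for per-request tracing. Both points also apply to the src/integrationTest copy.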
diff --git a/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/RunAsSubjectClient.java b/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/PluginClient.java similarity index 79% rename from src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/RunAsSubjectClient.java rename to src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/PluginClient.java index cca3b57830..0f99a85fb8 100644 --- a/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/RunAsSubjectClient.java +++ b/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/PluginClient.java @@ -21,20 +21,19 @@ import org.opensearch.transport.client.FilterClient; /** - * Implementation of client that will run transport actions in a stashed context and inject the name of the provided - * subject into the context. + * A special client for executing transport actions as this plugin's system subject. */ -public class RunAsSubjectClient extends FilterClient { +public class PluginClient extends FilterClient { - private static final Logger logger = LogManager.getLogger(RunAsSubjectClient.class); + private static final Logger logger = LogManager.getLogger(PluginClient.class); private Subject subject; - public RunAsSubjectClient(Client delegate) { + public PluginClient(Client delegate) { super(delegate); } - public RunAsSubjectClient(Client delegate, Subject subject) { + public PluginClient(Client delegate, Subject subject) { super(delegate); this.subject = subject; } @@ -53,7 +52,6 @@ protected void subject.runAs(() -> { logger.info("Running transport action with subject: {}", subject.getPrincipal().getName()); super.doExecute(action, request, ActionListener.runBefore(listener, ctx::restore)); - return null; }); } catch (RuntimeException e) { throw e; 
diff --git a/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/RestBulkIndexDocumentIntoMixOfSystemIndexAction.java b/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/RestBulkIndexDocumentIntoMixOfSystemIndexAction.java index 1e02ef7a21..25179bed6d 100644 --- a/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/RestBulkIndexDocumentIntoMixOfSystemIndexAction.java +++ b/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/RestBulkIndexDocumentIntoMixOfSystemIndexAction.java @@ -34,9 +34,9 @@ public class RestBulkIndexDocumentIntoMixOfSystemIndexAction extends BaseRestHandler { private final Client client; - private final RunAsSubjectClient pluginClient; + private final PluginClient pluginClient; - public RestBulkIndexDocumentIntoMixOfSystemIndexAction(Client client, RunAsSubjectClient pluginClient) { + public RestBulkIndexDocumentIntoMixOfSystemIndexAction(Client client, PluginClient pluginClient) { this.client = client; this.pluginClient = pluginClient; } diff --git a/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/RestBulkIndexDocumentIntoSystemIndexAction.java b/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/RestBulkIndexDocumentIntoSystemIndexAction.java index 7dd5dd7e45..6c6c3de861 100644 --- a/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/RestBulkIndexDocumentIntoSystemIndexAction.java +++ b/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/RestBulkIndexDocumentIntoSystemIndexAction.java 
@@ -34,9 +34,9 @@ public class RestBulkIndexDocumentIntoSystemIndexAction extends BaseRestHandler { private final Client client; - private final RunAsSubjectClient pluginClient; + private final PluginClient pluginClient; - public RestBulkIndexDocumentIntoSystemIndexAction(Client client, RunAsSubjectClient pluginClient) { + public RestBulkIndexDocumentIntoSystemIndexAction(Client client, PluginClient pluginClient) { this.client = client; this.pluginClient = pluginClient; } diff --git a/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/RestGetOnSystemIndexAction.java b/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/RestGetOnSystemIndexAction.java index ca8f1708e2..cad4435cfd 100644 --- a/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/RestGetOnSystemIndexAction.java +++ b/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/RestGetOnSystemIndexAction.java @@ -27,9 +27,9 @@ public class RestGetOnSystemIndexAction extends BaseRestHandler { - private final RunAsSubjectClient pluginClient; + private final PluginClient pluginClient; - public RestGetOnSystemIndexAction(RunAsSubjectClient pluginClient) { + public RestGetOnSystemIndexAction(PluginClient pluginClient) { this.pluginClient = pluginClient; } diff --git a/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/RestSearchOnSystemIndexAction.java b/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/RestSearchOnSystemIndexAction.java index 8965cf4771..f4c15947c6 100644 --- a/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/RestSearchOnSystemIndexAction.java +++ b/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/RestSearchOnSystemIndexAction.java 
@@ -29,9 +29,9 @@ public class RestSearchOnSystemIndexAction extends BaseRestHandler { - private final RunAsSubjectClient pluginClient; + private final PluginClient pluginClient; - public RestSearchOnSystemIndexAction(RunAsSubjectClient pluginClient) { + public RestSearchOnSystemIndexAction(PluginClient pluginClient) { this.pluginClient = pluginClient; } diff --git a/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/RestUpdateOnSystemIndexAction.java b/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/RestUpdateOnSystemIndexAction.java index dff63013ec..cdce55c5a3 100644 --- a/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/RestUpdateOnSystemIndexAction.java +++ b/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/RestUpdateOnSystemIndexAction.java @@ -27,9 +27,9 @@ public class RestUpdateOnSystemIndexAction extends BaseRestHandler { - private final RunAsSubjectClient pluginClient; + private final PluginClient pluginClient; - public RestUpdateOnSystemIndexAction(RunAsSubjectClient pluginClient) { + public RestUpdateOnSystemIndexAction(PluginClient pluginClient) { this.pluginClient = pluginClient; } diff --git a/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/SystemIndexPlugin1.java b/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/SystemIndexPlugin1.java index 785995d7a2..1a7ea0a054 100644 --- a/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/SystemIndexPlugin1.java +++ b/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/SystemIndexPlugin1.java @@ -45,7 +45,7 @@ public class SystemIndexPlugin1 extends Plugin implements SystemIndexPlugin, IdentityAwarePlugin { public static final String SYSTEM_INDEX_1 = ".system-index1"; - private RunAsSubjectClient pluginClient; + private PluginClient pluginClient; private Client client; 
@@ -64,7 +64,7 @@ public Collection createComponents( Supplier repositoriesServiceSupplier ) { this.client = client; - this.pluginClient = new RunAsSubjectClient(client); + this.pluginClient = new PluginClient(client); return List.of(pluginClient); } diff --git a/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/TransportIndexDocumentIntoSystemIndexAction.java b/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/TransportIndexDocumentIntoSystemIndexAction.java index 3b13eb98f1..a7713d2057 100644 --- a/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/TransportIndexDocumentIntoSystemIndexAction.java +++ b/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/TransportIndexDocumentIntoSystemIndexAction.java @@ -30,14 +30,14 @@ public class TransportIndexDocumentIntoSystemIndexAction extends HandledTranspor AcknowledgedResponse> { private final Client client; - private final RunAsSubjectClient pluginClient; + private final PluginClient pluginClient; @Inject public TransportIndexDocumentIntoSystemIndexAction( final TransportService transportService, final ActionFilters actionFilters, final Client client, - final RunAsSubjectClient pluginClient + final PluginClient pluginClient ) { super(IndexDocumentIntoSystemIndexAction.NAME, transportService, actionFilters, IndexDocumentIntoSystemIndexRequest::new); this.client = client; diff --git a/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/TransportRunClusterHealthAction.java b/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/TransportRunClusterHealthAction.java index b49b94d74a..173d9b2c7e 100644 --- a/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/TransportRunClusterHealthAction.java +++ b/src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/TransportRunClusterHealthAction.java 
@@ -26,14 +26,14 @@ public class TransportRunClusterHealthAction extends HandledTransportAction { private final Client client; - private final RunAsSubjectClient pluginClient; + private final PluginClient pluginClient; @Inject public TransportRunClusterHealthAction( final TransportService transportService, final ActionFilters actionFilters, final Client client, - final RunAsSubjectClient pluginClient + final PluginClient pluginClient ) { super(RunClusterHealthAction.NAME, transportService, actionFilters, RunClusterHealthRequest::new); this.client = client; diff --git a/src/main/java/org/opensearch/security/OpenSearchSecurityPlugin.java b/src/main/java/org/opensearch/security/OpenSearchSecurityPlugin.java index 1f60e342d3..6f1a10f60a 100644 --- a/src/main/java/org/opensearch/security/OpenSearchSecurityPlugin.java +++ b/src/main/java/org/opensearch/security/OpenSearchSecurityPlugin.java @@ -167,8 +167,7 @@ import org.opensearch.security.hasher.PasswordHasherFactory; import org.opensearch.security.http.NonSslHttpServerTransport; import org.opensearch.security.http.XFFResolver; -import org.opensearch.security.identity.ContextProvidingPluginSubject; -import org.opensearch.security.identity.NoopPluginSubject; +import org.opensearch.security.identity.SecurePluginSubject; import org.opensearch.security.identity.SecurityTokenManager; import org.opensearch.security.privileges.PrivilegesEvaluationException; import org.opensearch.security.privileges.PrivilegesEvaluator; 
@@ -2292,9 +2291,8 @@ public SecurityTokenManager getTokenManager() { @Override public PluginSubject getPluginSubject(Plugin plugin) { - PluginSubject subject; + PluginSubject subject = new SecurePluginSubject(threadPool, settings, plugin); if (!client && !disabled && !SSLConfig.isSslOnlyMode()) { - subject = new ContextProvidingPluginSubject(threadPool, settings, plugin); String pluginPrincipal = subject.getPrincipal().getName(); URL resource = plugin.getClass().getClassLoader().getResource("plugin-additional-permissions.yml"); RoleV7 pluginPermissions; @@ -2314,8 +2312,6 @@ public PluginSubject getPluginSubject(Plugin plugin) { } pluginPermissions.getCluster_permissions().add(BulkAction.NAME); evaluator.updatePluginToActionPrivileges(pluginPrincipal, pluginPermissions); - } else { - subject = new NoopPluginSubject(threadPool); } return subject; } diff --git a/src/main/java/org/opensearch/security/auth/UserSubjectImpl.java b/src/main/java/org/opensearch/security/auth/UserSubjectImpl.java index a28ed8dd63..8d1fbb973a 100644 --- a/src/main/java/org/opensearch/security/auth/UserSubjectImpl.java +++ b/src/main/java/org/opensearch/security/auth/UserSubjectImpl.java @@ -10,8 +10,8 @@ package org.opensearch.security.auth; import java.security.Principal; -import java.util.concurrent.Callable; +import org.opensearch.common.CheckedRunnable; import org.opensearch.common.util.concurrent.ThreadContext; import org.opensearch.identity.NamedPrincipal; import org.opensearch.identity.UserSubject; @@ -42,10 +42,10 @@ public Principal getPrincipal() { } @Override - public T runAs(Callable callable) throws Exception { + public void runAs(CheckedRunnable r) throws E { try (ThreadContext.StoredContext ctx = threadPool.getThreadContext().stashContext()) { threadPool.getThreadContext().putTransient(ConfigConstants.OPENDISTRO_SECURITY_USER, user); - return callable.call(); + r.run(); } } 
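Review bot: getPluginSubject now builds a `SecurePluginSubject` on every path, including when `client`, `disabled` or `SSLConfig.isSslOnlyMode()` is true, where the removed else branch returned a `NoopPluginSubject`. In those modes the principal becomes `plugin:<class name>` instead of `NamedPrincipal.UNAUTHENTICATED`, and `runAs` puts the plugin user into `OPENDISTRO_SECURITY_USER` even though `evaluator.updatePluginToActionPrivileges` was never called for it. That may be harmless if nothing reads the transient while security is off, but the diff shows no test for the disabled or SSL-only path. I would add one, plus a comment above the `if` such as `// Subject is created in every mode; privileges are registered only when the security plugin enforces them.` The method body between the two hunks is not visible here.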
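Review bot: The new `runAs(CheckedRunnable r)` override in UserSubjectImpl has no Javadoc, although its contract changed from returning a value to returning nothing. The body stashes the thread context, sets only `OPENDISTRO_SECURITY_USER`, runs `r`, and restores the previous context when the try block closes, so `r` presumably does not see the caller's transients. I would document that on the method, e.g. `/** Runs r in a stashed thread context that carries only this subject's user; the caller's context is restored when r returns or throws. */`, and rename `r` to `runnable`. `SecurePluginSubject.runAs` further down has the same shape and should get the same comment.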
diff --git a/src/main/java/org/opensearch/security/identity/NoopPluginSubject.java b/src/main/java/org/opensearch/security/identity/NoopPluginSubject.java deleted file mode 100644 index a65fd3337e..0000000000 --- a/src/main/java/org/opensearch/security/identity/NoopPluginSubject.java +++ /dev/null @@ -1,41 +0,0 @@ -/* - * SPDX-License-Identifier: Apache-2.0 - * - * The OpenSearch Contributors require contributions made to - * this file be licensed under the Apache-2.0 license or a - * compatible open source license. - * - * Modifications Copyright OpenSearch Contributors. See - * GitHub history for details. - */ - -package org.opensearch.security.identity; - -import java.security.Principal; -import java.util.concurrent.Callable; - -import org.opensearch.common.util.concurrent.ThreadContext; -import org.opensearch.identity.NamedPrincipal; -import org.opensearch.identity.PluginSubject; -import org.opensearch.threadpool.ThreadPool; - -public class NoopPluginSubject implements PluginSubject { - private final ThreadPool threadPool; - - public NoopPluginSubject(ThreadPool threadPool) { - super(); - this.threadPool = threadPool; - } - - @Override - public Principal getPrincipal() { - return NamedPrincipal.UNAUTHENTICATED; - } - - @Override - public T runAs(Callable callable) throws Exception { - try (ThreadContext.StoredContext ctx = threadPool.getThreadContext().stashContext()) { - return callable.call(); - } - } -} diff --git a/src/main/java/org/opensearch/security/identity/ContextProvidingPluginSubject.java b/src/main/java/org/opensearch/security/identity/SecurePluginSubject.java similarity index 84% rename from src/main/java/org/opensearch/security/identity/ContextProvidingPluginSubject.java rename to src/main/java/org/opensearch/security/identity/SecurePluginSubject.java index f2e7449b2f..74ae1e79ce 100644 --- a/src/main/java/org/opensearch/security/identity/ContextProvidingPluginSubject.java 
+++ b/src/main/java/org/opensearch/security/identity/SecurePluginSubject.java @@ -10,8 +10,8 @@ package org.opensearch.security.identity; import java.security.Principal; -import java.util.concurrent.Callable; +import org.opensearch.common.CheckedRunnable; import org.opensearch.common.settings.Settings; import org.opensearch.common.util.concurrent.ThreadContext; import org.opensearch.identity.NamedPrincipal; @@ -21,7 +21,7 @@ import org.opensearch.security.user.User; import org.opensearch.threadpool.ThreadPool; -public class ContextProvidingPluginSubject implements PluginSubject { +public class SecurePluginSubject implements PluginSubject { private final ThreadPool threadPool; private final NamedPrincipal pluginPrincipal; private final User pluginUser; @@ -30,7 +30,7 @@ public static String getPluginPrincipalName(String canonicalClassName) { return "plugin:" + canonicalClassName; } - public ContextProvidingPluginSubject(ThreadPool threadPool, Settings settings, Plugin plugin) { + public SecurePluginSubject(ThreadPool threadPool, Settings settings, Plugin plugin) { super(); this.threadPool = threadPool; String principal = getPluginPrincipalName(plugin.getClass().getCanonicalName()); @@ -46,10 +46,10 @@ public Principal getPrincipal() { } @Override - public T runAs(Callable callable) throws Exception { + public void runAs(CheckedRunnable r) throws E { try (ThreadContext.StoredContext ctx = threadPool.getThreadContext().stashContext()) { threadPool.getThreadContext().putTransient(ConfigConstants.OPENDISTRO_SECURITY_USER, pluginUser); - return callable.call(); + r.run(); } } } diff --git a/src/test/java/org/opensearch/security/auth/UserSubjectImplTests.java b/src/test/java/org/opensearch/security/auth/UserSubjectImplTests.java index bbcbf99e94..f532ddc689 100644 --- a/src/test/java/org/opensearch/security/auth/UserSubjectImplTests.java +++ b/src/test/java/org/opensearch/security/auth/UserSubjectImplTests.java 
@@ -43,10 +43,7 @@ public void testSecurityUserSubjectRunAs() throws Exception { assertNull(threadPool.getThreadContext().getTransient(OPENDISTRO_SECURITY_USER)); - subject.runAs(() -> { - assertThat(threadPool.getThreadContext().getTransient(OPENDISTRO_SECURITY_USER), equalTo(user)); - return null; - }); + subject.runAs(() -> { assertThat(threadPool.getThreadContext().getTransient(OPENDISTRO_SECURITY_USER), equalTo(user)); }); assertNull(threadPool.getThreadContext().getTransient(OPENDISTRO_SECURITY_USER)); diff --git a/src/test/java/org/opensearch/security/identity/ContextProvidingPluginSubjectTests.java b/src/test/java/org/opensearch/security/identity/SecurePluginSubjectTests.java similarity index 82% rename from src/test/java/org/opensearch/security/identity/ContextProvidingPluginSubjectTests.java rename to src/test/java/org/opensearch/security/identity/SecurePluginSubjectTests.java index a719fc716e..2efab70b85 100644 --- a/src/test/java/org/opensearch/security/identity/ContextProvidingPluginSubjectTests.java +++ b/src/test/java/org/opensearch/security/identity/SecurePluginSubjectTests.java @@ -26,7 +26,7 @@ import static org.opensearch.security.support.ConfigConstants.OPENDISTRO_SECURITY_USER; import static org.junit.Assert.assertNull; -public class ContextProvidingPluginSubjectTests { +public class SecurePluginSubjectTests { static class TestIdentityAwarePlugin extends Plugin implements IdentityAwarePlugin { } 
@@ -41,16 +41,13 @@ public void testSecurityUserSubjectRunAs() throws Exception { final User pluginUser = new User(pluginPrincipal); - ContextProvidingPluginSubject subject = new ContextProvidingPluginSubject(threadPool, Settings.EMPTY, testPlugin); + SecurePluginSubject subject = new SecurePluginSubject(threadPool, Settings.EMPTY, testPlugin); assertThat(subject.getPrincipal().getName(), equalTo(pluginPrincipal)); assertNull(threadPool.getThreadContext().getTransient(OPENDISTRO_SECURITY_USER)); - subject.runAs(() -> { - assertThat(threadPool.getThreadContext().getTransient(OPENDISTRO_SECURITY_USER), equalTo(pluginUser)); - return null; - }); + subject.runAs(() -> { assertThat(threadPool.getThreadContext().getTransient(OPENDISTRO_SECURITY_USER), equalTo(pluginUser)); }); assertNull(threadPool.getThreadContext().getTransient(OPENDISTRO_SECURITY_USER));